Mosquitto and Aedes on Raspberry Pi 4

I currently have the Eclipse Mosquitto MQTT broker running on the Raspberry Pi 2, 3 and 4, Buster Raspbian, not to mention countless other variations of Debian and Ubuntu on various boards used at one time or another in the past (Orange Pi, various FriendlyArm boards and far more).

Below is the link I originally followed for the install – Mosquitto has been part of my standard install using “the script” for a long time – (last update April 2020). See my Bitbucket area and other parts of this blog for more on “the script”. I still use the Mosquitto broker having looked at several alternatives – the MOSCA Node-Red broker didn’t go anywhere – meanwhile, Mosquitto IS ready, works perfectly and it is also free and easy to use – I use it 24-7 in my own RPi4 installations here in Spain and in the UK, not to mention countless installations I’ve helped put together for others.

I started running Mosquitto on RPI2, then RPI3 and now RPI4. As an alternative to Mosquitto you could now take a look at node-red-contrib-Aedes – no other installation needed (you can also use Aedes alongside Mosquitto on a different port – just put the Aedes node somewhere on one of your pages and adjust the port number – then use the normal MQTT nodes to access it). I used npm to install it but apparently it installs for others through the Node-Red Palette Manager.

This blog entry has been constructed over time going as far back as 2015…

I simply installed the repository then Mosquitto itself, nothing more.

This installation put a non-personalised config file at /etc/mosquitto – in there it pointed to the directory /etc/mosquitto/conf.d – so I put my mosquitto.conf in there which was basically 2 lines…

I’ve not yet put SSL in there but I certainly wasn’t going to start up the broker with NO security. I added a simple text file passwords.txt as above with a one-liner admin (colon) password where the password is encrypted using the Mosquitto password program for the PC (thankfully I already had a passwords file).

And that’s it really, stop the broker and restart it to make sure it takes notice of the config file..

sudo /etc/init.d/mosquitto stop
sudo /etc/init.d/mosquitto start

And talk to it via something like MQTT SPY – subscribe to any old topic (“testing”, in my case) and try publishing to that topic. I’ve tested powering down and back up and all is well.

Easiest thing I’ve done all day.. oh, NO it wasn’t – I could not write to the /etc/mosquitto/conf.d directory – the usual Linux security issues…. I did this.. most likely giving FAR too much access (if anyone wants to tell me what it SHOULD be, please do but don’t let’s get complicated)…

sudo chmod 777 ./conf.d

and from there on I could use my FTP described earlier and Notepad++ to create and edit the necessary files.
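An added example (not part of the original post) showing how to find what the chmod 777 step above leaves writable by every local user, and how to put the directory and password file back to tighter modes. The 755/640 modes and the optional owner:group argument are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Modes and the optional
# owner:group argument are assumptions; adjust them to your install.

# List entries under DIR that any local user can write to
# (this is what "chmod 777" leaves behind). Symlinks are skipped
# because their own mode bits are meaningless.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Undo a chmod 777 on a Mosquitto conf.d directory:
#   - remove "other" write from everything inside it
#   - directory back to 755, password file to 640 (no world read)
#   - optionally chown both to OWNER:GROUP (third argument, needs root)
# Returns 0 only if nothing world-writable remains and the password
# file is no longer world-readable.
harden_conf_dir() {
    dir=$1
    pwfile=$2
    owner=${3:-}
    find "$dir" ! -type l -exec chmod o-w {} + || return 1
    chmod 755 "$dir" || return 1
    chmod 640 "$pwfile" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" "$pwfile" || return 1
    fi
    [ -z "$(world_writable "$dir")" ] &&
        [ -z "$(find "$pwfile" -perm -0004 -print)" ]
}

# Typical use on the Pi, run as root (owner:group here is an assumption):
#   world_writable /etc/mosquitto
#   harden_conf_dir /etc/mosquitto/conf.d \
#       /etc/mosquitto/conf.d/passwords.txt root:mosquitto
```

After this, files in the directory are edited with elevated rights (for example through sudo) rather than by opening the directory to everyone.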

Agree 777 is bad, especially if you have your password file stored there. You shouldn’t need to modify the permissions of that folder; it should be set so that the mosquitto (root) daemon can read and write, that’s about it.

As Tomer suggested, try using sudo to run a text editor like vi to edit the file with elevated permissions, although if you are starting out I would recommend nano as it is much easier to learn/use than vi. If you want to keep your current method of using WinSCP and a Windows text editor then create a new user and add them to the root user group (note: this really isn’t recommended, but it is better than setting all files to RWX for all users).

From a security perspective it isn’t best practice if you plan to have SSH enabled to the internet as you are exposing yourself to brute force attacks.

On that note, Pete, if you are planning on making ssh available from the internet I would highly recommend you install fail2ban; it is in the apt-get repository and will automatically ban IP addresses after 3 failed SSH logins.

I second what Ben is saying here. I had a similar setup for a while with my RPi being web accessible via ssh. So one day just out of curiosity I checked the /var/log/auth.log; to my surprise I found out that some douche-bag had been very busy trying to brute-force into my home network. I suggest disabling root’s remote ssh access and configuring key-based ssh authentication instead of a password-based one while you are at it.
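An added example (not part of the original comments) of the /var/log/auth.log check described above: it counts failed sshd password attempts per source address and lists those at or over a threshold, defaulting to the 3 failures mentioned for fail2ban. The log lines are constructed and use documentation address ranges.

```shell
#!/bin/sh
# Added example, not from the original comments. The log lines below are
# constructed; addresses come from the documentation ranges.
sample_auth_log() {
cat <<'EOF'
Apr  3 10:15:01 raspberrypi sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Apr  3 10:15:03 raspberrypi sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Apr  3 10:16:10 raspberrypi sshd[1240]: Accepted publickey for pi from 192.168.1.10 port 50000 ssh2
Apr  3 10:16:40 raspberrypi sshd[1251]: Failed password for invalid user from from 203.0.113.5 port 51240 ssh2
Apr  3 10:17:02 raspberrypi sshd[1260]: Failed password for pi from 198.51.100.23 port 40022 ssh2
Apr  3 10:17:05 raspberrypi sshd[1251]: Failed password for root from 203.0.113.5 port 51242 ssh2
Apr  3 10:17:09 raspberrypi sshd[1260]: Failed password for pi from 198.51.100.23 port 40024 ssh2
Apr  3 10:17:11 raspberrypi sshd[1260]: Connection closed by authenticating user pi 198.51.100.23 port 40024 [preauth]
EOF
}

# Read an auth.log on stdin and print "COUNT IP" for every source with at
# least MIN (default 3) failed sshd password attempts, busiest first.
failed_ssh_sources() {
    min=${1:-3}
    awk -v min="$min" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # Take the address after the LAST "from": the attempted user
            # name is chosen by the client and may itself be "from".
            for (i = 1; i < NF; i++)
                if ($i == "from") ip = $(i + 1)
            if (ip != "") hits[ip]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min + 0) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# On the Pi:  sudo cat /var/log/auth.log | failed_ssh_sources 3
```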

Have a look at the node-red-contrib-aedes MQTT broker. The Mosca team discontinued the Mosca broker, started from scratch and created Aedes which is a lot more reliable. Node-red-contrib-aedes is a Node-Red wrapper for Aedes. The installation and operation are a lot better than Mosca.

Palette manager should install the broker node (search for aedes) – configure this node but just make sure if mosquitto is running on same machine on port 1883 then choose a different port for this broker. After that use standard mqtt in and out nodes after creating a link to new broker. Fast and saves on having a separate mqtt broker if that is needed.

Well, it certainly goes nowhere with the palette manager… however I went to the /home/pi/.node-red directory and did an npm install – works a treat. No idea about performance of course… but that certainly was painless – I just changed the port, put in my usual admin and password – and made a test send/receive into debug – works… now for some more in depth testing.

I just tried Aedes broker on my Linux based PC running NR under docker on Home Assistant. It loads the Aedes node via palette manager exactly as Steve describes. I set the port to 11883 and made a flow to replicate the one on Aedes GitHub page, standard mqtt input / output nodes, an inject node and a couple of debug nodes. As Martin said it is very fast. It looks like it could be very useful especially for quick testing of mqtt related things.

Hi Bob, well, for whatever reason the palette manager didn’t do it for me but an npm install worked a treat. It looks good. I’m more than happy with Mosquitto as set up in my script (the script) but it is always nice to have alternatives.

Hi Pete, one of the great values of your blog is that it allows people to share new discoveries, how they can be set up and tested. It is great that this new broker has two methods to install it in NR already.
I too am very happy with Mosquitto and my longest running version was installed with your script on a Pi3 over 3 years ago and the entire package is still running without a fault through power cuts, several moves. It just sits in the corner of the garage. I have never updated it, NR etc. all still running happy as Larry.

Me too, Bob… I have two 24/7 installations, one here and one in Spain. The latter failed earlier this year due to lightning which also took out the router permanently – and killed the SD on the PI. My neighbour there (I’m still stuck in the UK) though not technical helped – I set up a duplicate router setup here in the UK and sent off a replacement SD. He put that lot together and we were back in business. Here, not a single failure of any aspect of the Pi for over a year – and I can state that Mosquitto has NEVER failed on me in either installation.

Here (again this year) I’ve already fitted a significant-size SALICRU UPS – perfect – and when Covid is done, Spain is getting the same treatment, so I’m reasonably confident I’ll see more years of fault-free operation (and bear in mind I tinker a lot with the UK setup – testing smart kit, doing updates) and it all just keeps going. PI + NR + Mosquitto + ESP8266 was definitely one of my better decisions. I developed ESP-GO but more and more I’m using the increasingly versatile Tasmota and that’s working well.
This prompted me to update this blog entry…
